US12450347B2 · Active · Utility

Typo squatting, dependency confusion, and brandjacking detection

Assignee: MICRO FOCUS LLC
Priority: Feb 25, 2022
Filed: Feb 25, 2022
Granted: Oct 21, 2025
Est. expiry: Feb 25, 2042 (~15.7 yrs left) · nominal 20-yr term from priority
Inventors: HOOLE ALEXANDER; ANGELO MICHAEL F
Classification: G06F 21/568, G06F 2221/034, G06F 21/566, G06F 21/563

PatentIndex Score: 50
Cited by: 0
References: 12
Claims: 20

Abstract

A software build environment is scanned for one or more potentially malicious code paths. In response to scanning the software build environment for the one or more potentially malicious code paths, one or more potentially malicious code paths are identified. The identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path. In response to identifying the one or more potentially malicious code paths, a microprocessor does at least one of: generate a notification identifying the one or more potentially malicious code paths, automatically change and/or remove the one or more potentially malicious code paths, and deny the start of a build process.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A system, comprising:
  a microprocessor; and
  a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to:
  scan a software build environment for one or more potentially malicious code paths;
  in response to scanning the software build environment for the one or more potentially malicious code paths, identify the one or more potentially malicious code paths,
  wherein at least one of the one or more potentially malicious code paths is identified as being malicious based on comparing a hash of the at least one of the one or more potentially malicious code paths with a known hash of a legitimate version of a code path for the at least one of the one or more potentially malicious code paths, and
  wherein the identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path; and
  in response to identifying the one or more potentially malicious code paths, the microprocessor
  denies the start of a build process.

2. The system of claim 1, wherein the microprocessor readable and executable instructions further cause the microprocessor to:
  in response to scanning the software build environment for the one or more potentially malicious code paths:
  identify one or more software components associated with the one or more potentially malicious code paths; and
  compare hashes for the one or more software components to known hashes of legitimate versions of the one or more software components to validate whether the one or more software components are valid.

3. The system of claim 1, wherein identifying the one or more potentially malicious code paths comprises the typo squat code path.

4. The system of claim 3, wherein the typo squat code path is identified based on at least one of: keyboard keys next to each other, an extra character, a missing character, switched characters, a hidden character, other special characters, hyphenated strings, a spelling mistake, an alternate spelling, use of alternate character encoding standards, an incorrect domain ending, and a pluralization.

5. The system of claim 1, wherein identifying the one or more potentially malicious code paths comprises the dependency confusion code path.

6. The system of claim 5, wherein the dependency confusion code path is identified based on at least one of: a version indicator, a less than version indicator, a less than or equal to version indicator, a greater than version indicator, a greater than or equal to version indicator, approximately equivalent to version indicator, a compatible with version indicator, and a range of version indicator.

7. The system of claim 1, wherein identifying the one or more potentially malicious code paths comprises the brandjack code path.

8. The system of claim 1, wherein the at least one of the one or more potentially malicious code paths is based on a second level or greater of a dependency tree.

9. The system of claim 1, wherein scan the software build environment for one or more potentially malicious code paths includes scan a plurality of code paths including at least one of code paths to internal software components, code paths to third-party software components and code paths to open-source software components.

10. A method, comprising:
  scanning, by a microprocessor, a software build environment for one or more potentially malicious code paths;
  in response to scanning the software build environment for the one or more potentially malicious code paths, identifying, by the microprocessor, the one or more potentially malicious code paths,
  wherein at least one of the one or more potentially malicious code paths is identified as being malicious based on comparing a hash of the at least one of the one or more potentially malicious code paths with a known hash of a legitimate version of a code path for the at least one of the one or more potentially malicious code paths, and
  wherein the identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path; and
  in response to identifying the one or more potentially malicious code paths,
  denying, by the microprocessor, the start of a build process.

11. The method of claim 10, further comprising:
  in response to scanning the software build environment for the one or more potentially malicious code paths:
  identifying one or more software components associated with the one or more potentially malicious code paths; and
  comparing hashes for the one or more software components to known hashes of legitimate versions of the one or more software components to validate whether the one or more software components are valid.

12. The method of claim 10, wherein identifying the one or more potentially malicious code paths comprises the typo squat code path.

13. The method of claim 12, wherein the typo squat code path is identified based on at least one of: keyboard keys next to each other, an extra character, a missing character, switched characters, a hidden character, other special characters, hyphenated strings, a spelling mistake, an alternate spelling, use of alternate character encoding standards, an incorrect domain ending, and a pluralization.

14. The method of claim 10, wherein identifying the one or more potentially malicious code paths comprises the dependency confusion code path.

15. The method of claim 14, wherein the dependency confusion code path is identified based on at least one of: a version indicator, a less than version indicator, a less than or equal to version indicator, a greater than version indicator, a greater than or equal to version indicator, approximately equivalent to version indicator, a compatible with version indicator, and a range of version indicator.

16. The method of claim 10, wherein identifying the one or more potentially malicious code paths comprises the brandjack code path.

17. The method of claim 10, wherein the at least one of the one or more potentially malicious code paths is based on a second level or greater of a dependency tree.

18. The method of claim 9, scanning, by the microprocessor, the software build environment for one or more potentially malicious code paths includes scanning, by the microprocessor, a plurality of code paths including at least one of code paths to internal software components, code paths to third-party software components and code paths to open-source software components.

19. A non-transient computer readable medium having stored thereon instructions that cause a processor to execute a method, the method comprising:
  instructions to:
  scan a software build environment for one or more potentially malicious code paths;
  in response to scanning the software build environment for the one or more potentially malicious code paths, identify the one or more potentially malicious code paths,
  wherein at least one of the one or more potentially malicious code paths is identified as being malicious based on comparing a hash of the at least one of the one or more potentially malicious code paths with a known hash of a legitimate version of a code path for the at least one of the one or more potentially malicious code paths, and
  wherein the identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path; and
  in response to identifying the one or more potentially malicious code paths,
  deny the start of a build process.

20. The non-transient computer readable medium of claim 19, wherein scan the software build environment for one or more potentially malicious code paths includes scan a plurality of code paths including at least one of code paths to internal software components, code paths to third-party software components and code paths to open-source software components.
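The following is an added worked example, not the patent's code and not any Micro Focus implementation, showing what a build-time scanner of the kind the claims describe could look like when the "code paths" are lines of a requirements file. It applies a subset of the claim 4 typo-squat heuristics (adjacent keyboard keys, extra, missing and switched characters, hidden characters and alternate encodings, hyphenation, pluralization; domain endings and spelling variants are not implemented), the claim 6 version-indicator check for dependency confusion on packages that exist only on a private registry, and the claim 1/2 hash comparison against known legitimate hashes, and denies the build on any finding. The allowlist `KNOWN_PACKAGES`, the `INTERNAL_PACKAGES` set, the keyboard neighbour map, the sample requirements and every hash are constructed assumptions.

```python
from __future__ import annotations
import hashlib
import re
import unicodedata
from dataclasses import dataclass

# Constructed allowlist (assumption): canonical package name -> sha256 of the legitimate
# artifact. The hashes are computed over placeholder bytes so the example runs offline.
KNOWN_PACKAGES = {
    "requests": hashlib.sha256(b"placeholder: legitimate requests artifact").hexdigest(),
    "urllib3": hashlib.sha256(b"placeholder: legitimate urllib3 artifact").hexdigest(),
    "acme-internal-auth": hashlib.sha256(b"placeholder: legitimate internal artifact").hexdigest(),
}
# Packages that exist only on the private registry (assumption); a public package with the
# same name and a higher version number is the dependency-confusion scenario.
INTERNAL_PACKAGES = {"acme-internal-auth"}

# Constructed QWERTY neighbour map for the "keyboard keys next to each other" heuristic.
ADJACENT_KEYS: dict[str, set[str]] = {}
for _row in ("qwertyuiop", "asdfghjkl", "zxcvbnm"):
    for _i, _ch in enumerate(_row):
        ADJACENT_KEYS[_ch] = set(_row[max(0, _i - 1):_i] + _row[_i + 1:_i + 2])

ZERO_WIDTH = "\u200b\u200c\u200d\ufeff"
# requirements.txt style line: name, optional version operator, optional version
REQ_RE = re.compile(r"^\s*(?P<name>[^=<>~!\s#]+)\s*(?P<op>==|>=|<=|~=|!=|>|<)?\s*(?P<ver>[^\s#]*)")


@dataclass
class Finding:
    package: str
    kind: str    # "typosquat", "dependency-confusion" or "hash-mismatch"
    reason: str


def visible(name: str) -> str:
    """Strip zero-width characters and NFKC-fold look-alike encodings (e.g. fullwidth letters)."""
    return unicodedata.normalize("NFKC", "".join(c for c in name if c not in ZERO_WIDTH))


def canonical(name: str) -> str:
    """PEP 503 style name normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name.lower())


def typosquat_reasons(raw_name: str) -> list[str]:
    """Match raw_name against every allowlisted name with claim 4 style heuristics."""
    reasons = []
    cleaned = visible(raw_name)
    if cleaned != raw_name:
        reasons.append("hidden character or alternate character encoding")
    c = canonical(cleaned)
    if c in KNOWN_PACKAGES:
        return reasons  # exact match after normalisation: not a squat of another name
    for legit in KNOWN_PACKAGES:
        if c.replace("-", "") == legit.replace("-", ""):
            reasons.append(f"hyphenation variant of {legit}")
        elif c == legit + "s" or legit == c + "s":
            reasons.append(f"pluralization of {legit}")
        elif len(c) == len(legit) + 1 and any(c[:i] + c[i + 1:] == legit for i in range(len(c))):
            reasons.append(f"extra character vs {legit}")
        elif len(c) == len(legit) - 1 and any(legit[:i] + legit[i + 1:] == c for i in range(len(legit))):
            reasons.append(f"missing character vs {legit}")
        elif len(c) == len(legit):
            diff = [i for i in range(len(c)) if c[i] != legit[i]]
            if len(diff) == 2 and diff[1] == diff[0] + 1 and c[diff[0]] == legit[diff[1]] and c[diff[1]] == legit[diff[0]]:
                reasons.append(f"switched characters vs {legit}")
            elif len(diff) == 1 and c[diff[0]] in ADJACENT_KEYS.get(legit[diff[0]], set()):
                reasons.append(f"adjacent keyboard key vs {legit}")
    return reasons


def dependency_confusion_reasons(name: str, op: str | None, ver: str) -> list[str]:
    """An internal-only package resolved with anything but an exact pin (the claim 6 version
    indicators: >, >=, <, <=, ~=, ranges, wildcards, or no version at all) can be outbid by a
    public package of the same name carrying a higher version number."""
    if canonical(visible(name)) not in INTERNAL_PACKAGES:
        return []
    if op == "==" and ver and "*" not in ver:
        return []
    shown = f"{op or ''}{ver}" or "(no version)"
    return [f"internal package with non-exact version indicator {shown!r}"]


def hash_reasons(name: str, artifact_hashes: dict[str, str]) -> list[str]:
    """Claim 1/2 check: compare the fetched artifact's hash with the known legitimate hash."""
    c = canonical(visible(name))
    actual = artifact_hashes.get(c)
    if c in KNOWN_PACKAGES and actual is not None and actual != KNOWN_PACKAGES[c]:
        return [f"artifact sha256 {actual[:12]}... differs from the known legitimate hash"]
    return []


def scan_build_environment(requirement_lines, artifact_hashes) -> tuple[list[Finding], bool]:
    """Return (findings, deny_build); any finding denies the start of the build."""
    findings: list[Finding] = []
    for line in requirement_lines:
        m = REQ_RE.match(line)
        if not m:
            continue  # blank line or comment
        name, op, ver = m.group("name"), m.group("op"), m.group("ver")
        findings += [Finding(name, "typosquat", r) for r in typosquat_reasons(name)]
        findings += [Finding(name, "dependency-confusion", r) for r in dependency_confusion_reasons(name, op, ver)]
        findings += [Finding(name, "hash-mismatch", r) for r in hash_reasons(name, artifact_hashes)]
    return findings, bool(findings)


# Constructed requirements file standing in for the scanned build environment.
SAMPLE_REQUIREMENTS = [
    "requests==2.31.0",           # legitimate pin, fetched hash matches
    "reqeusts==2.31.0",           # switched characters
    "requets==2.31.0",            # missing character
    "requesrs==2.31.0",           # 'r' sits next to 't' on the keyboard
    "urllib3>=1.26",              # public package, but the fetched artifact hash differs
    "acme-internal-auth>=1.0",    # internal package with an open version range
    "re\u200bquests==2.31.0",     # zero-width space hidden inside a known name
    "# comment lines are ignored",
]
# Constructed hashes of what the build actually fetched (assumption).
SAMPLE_ARTIFACT_HASHES = {
    "requests": KNOWN_PACKAGES["requests"],
    "urllib3": hashlib.sha256(b"placeholder: tampered urllib3 artifact").hexdigest(),
}

if __name__ == "__main__":
    found, deny = scan_build_environment(SAMPLE_REQUIREMENTS, SAMPLE_ARTIFACT_HASHES)
    for f in found:
        print(f"{f.kind:21} {f.package!r}: {f.reason}")
    print("build denied" if deny else "build allowed")
```

Run as-is, the scanner reports six findings for the constructed file (four typo-squat variants of `requests`, the open range on the internal package, and the hash mismatch on `urllib3`) and denies the build; the clean `requests==2.31.0` line and the comment produce nothing. Claims 8 and 9 extend the same checks to transitive dependencies and to internal, third-party and open-source components alike; in practice that means running the scan over a fully resolved lock file rather than only the top-level requirements.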

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.